How Private Cloud Models Are Picking Up Steam – Again

This article is an excerpt from GovLoop’s recent guide, “5 Cloud Trends to Watch in Government.” Download the full guide here.

As agencies seek to move more sensitive data to the cloud, it’s little wonder that private cloud models are gaining popularity. Private clouds are used by a single entity and isolated from others, giving agencies more control and security. Perhaps some of the most compelling cases for private cloud come from the intelligence community’s Commercial Cloud Services contract, which has cut the time it takes to provision a server from 180 days to minutes.

Recent statistics about private clouds are telling. Governments will implement private cloud at twice the rate of public cloud through 2021, Gartner predicts, “despite private cloud not delivering the same benefits in scale, functionality, cost savings or agility as public cloud can.” A 2016 MeriTalk survey found that 64 percent of federal IT managers said they were most likely to place a majority of their cloud-based applications in a private cloud, while 54 percent of state and local IT managers said the same.

A 2016 Deltek report found that agencies spent $1 billion on private cloud computing in the preceding three years, and a 2017 IDC report put total federal cloud spending closer to $3.3 billion by 2021. Still, it’s worth nothing that some studies have shown that private clouds hosted by larger CSPs are more secure than on-premises solutions. The bottom line: Do your homework; cloud isn’t a one-size-fits-all, silver bullet or insertother-cliché-here solution.

See it in action at the federal level:

The Defense Information Systems Agency’s milCloud is a cloud services portfolio “that features an integrated suite of capabilities designed to drive agility into the development, deployment and maintenance of secure Department of Defense applications.” With milCloud 2.0, DISA is expanding not only service offerings, it’s also redefining milCloud’s structure.

MilCloud 2.0, which launched Feb. 1, connects commercial Infrastructureas-a-Service offerings to DoD networks in a private deployment model. DISA awarded CSRA a $498 million contract in June 2017 to run the on-premises, private cloud solution. This is a departure from milCloud 1.0, which was government-run.

DISA gave milCloud 2.0 provisional authority for impact level 5 data in March, clearing the way for it to access and host controlled unclassified information, missioncritical information and national security systems.

“It’s more secure than a commercial cloud, but it’s a capability that’s provided on-premise,” former DISA Director Lt. Gen. Alan Lynn said of milCloud 2.0 at the 2017 AFCEA Defensive Cyber Operations Symposium.

See it in action at the county level:

In 2011, Oakland County, Michigan, launched G2G Cloud Solutions to “improve government services by sharing technology with other government agencies at little or no cost,” according to the G2G Cloud website. It began by providing services internally and with some local municipalities. Today, almost 100 government entities statewide use it, and in 2017, the county transacted $58 million through it.

“They’re able to use our G2G Cloud Solutions as a Software-as-a-Service,” said Phil Bertolini, county CIO. “Part of our technology is housed in a cloud. We use different versions of the cloud. … What’s good for those local communities is they don’t have to have any of the infrastructure to go ahead and use the technology.”

The county opted to use a private cloud for this e-commerce initiative because of the sensitive data, such as credit card numbers and personally identifiable information, involved in the two payment services agencies can get through G2G. One is over-thecounter payments, which let people pay by swiping their credit cards. The other is online payments.

“You don’t want that out there where it can be hacked,” Bertolini said. “When you talk about public or private cloud, it’s really where you’re housing your technologies and housing your data, how you’re using it. It’s going to be the difference in the type of information you’re using and how critical it is that it be secure and confidential.”

Next Steps:

GSA’s 2017 Hybrid Cloud Almanac outlines steps to take when considering cloud options. The first is to conduct a thorough inventory of all current IT assets, including infrastructure, applications and governance structure. This will help you determine the type of data you want to move to the cloud. Then you can review the almanac’s definitions of cloud options to help you choose the right one.

The DISA Cloud Playbook defines the cloud adoption cycle as learn, choose, buy, configure, transition and utilize. But note that this is a cycle, and it will repeat as technology and your needs evolve. Have a strategy in place that allows you to continuously review your needs and be flexible about adapting them.